1. Field of the Invention
The present invention relates to an apparatus and method for authenticating personal use of a contents; and, more particularly, to a contents personal use authentication apparatus and method using a portable storage medium.
2. Description of Related Art
Digital contents are easily and quickly copied, and the copied one maintains the same quality as the original one. Accordingly, it can be readily distributed through a wired or wireless electric communication network. This causes digital contents to be illegally copied and distributed without going through a lawful distribution process. To cope with this problem, Digital Rights Management (DRM) technology was suggested to protect digital contents from being copied and distributed without permission and lawfully distribute the digital contents through user authorization and charging procedure.
In the initial days, the DRM technology prevented the illegal copying of digital contents on a single device basis. Thus, although a user (who will be referred to as an eligible user, hereafter) receives a digital content through a lawful distribution path, the user can use the digital content only in the terminal used for receiving the digital content. In other words, the user cannot use the digital content in other devices that the user owns. Here, a problem that the personal use right by a lawful user is infringed.
To protect the right of a user personally using a digital content, conventional technology called domain technology was suggested. Domain technology allows an eligible user to bind a plurality of devices owned by the eligible user into one group and freely copy and share digital contents among the devices of the group. Researchers are now studying to advance the domain technology.
The domain technology has two ways of registering devices. First, a domain management server existing outside a domain issues domain membership authority to a plurality of devices included in the domain. Second, some devices belonging to the domain issue domain membership authority to the other devices. The latter method is more appropriate in view of securing personal use than the former method because the domain is formed directly by a device owned by a user.
As described above, general domain technologies limit the scope of personal use to devices registered in a domain. Therefore, when an eligible user acquires a new device and the new device is not registered yet or cannot be registered due to its own characteristics, the user cannot copy a digital content into the new device or even if a digital content is copied into the new device, the new device cannot play the digital content. In short, the simple domain technology based on registration method limit the use scope of contents and it cannot achieve personal use in its exact meaning. Since this makes eligible users inconvenient, a user authentication method needs to be applied to the domain technology so that the personal use in its exact meaning should be achieved.
Typical user authentication method largely includes information a user knows, i.e., ‘what you know’, information unique to the user, i.e., ‘who you are’, and information the user has, i.e., ‘what you have’. Herein, the information the user knows, e.g., ID and password, may be given to other users for an illegal purpose. Also, realizing a system using the information unique to the user, e.g., fingerprints and eye iris, has a problem of high cost. Therefore, it is required to develop a method and apparatus that can support a user authentication based on information a user has.